Advisory ROSA-SA-2021-1896

Software: libtiff 4.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-3620 CVE-Crit: HIGH CVE-DESC: The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" parameter is used, allows remote attackers to cause a denial of service buffer overflow via a generated BMP...

DEBIAN-CVE-2014-8130

The TIFFmalloc function in tifunix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tifwrite.c, as demonstrated by...

CVE-2014-8130

The TIFFmalloc function in tifunix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tifwrite.c, as demonstrated by...

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

Out-of-bounds

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted TIFF image to the 1 checkInkNamesString function in tifdir.c in the thumbnail tool, 2 compresscontig function in tiff2bw.c in the tiff2bw tool, 3 putcontig8bitCIELab function in...

CVE-2014-8127

CVE-2014-8127 affects LibTIFF 4.0.3 and is triggered by malformed TIFF images processed by multiple LibTIFF tools (thumbnail, tiff2bw, tiff2rgba, tiff2ps, tiffdither, tiffmedian, tiffset). The root cause is an out-of-bounds read in these tools, potentially enabling denial of service or crash when...

Integer overflow

Integer overflow in tifpackbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service crash via crafted BMP image, related to dimensions, which triggers an out-of-bounds read...

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

CVE-2014-8127

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted TIFF image to the 1 checkInkNamesString function in tifdir.c in the thumbnail tool, 2 compresscontig function in tiff2bw.c in the tiff2bw tool, 3 putcontig8bitCIELab function in...

(tiff2pdf): use-after-free in t2p_readwrite_pdf_image()

Use-after-free vulnerability in the t2preadwritepdfimage function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted TIFF image...

Out-of-bounds

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a crafted GIF image...

CVE-2013-4244

The CVE-2013-4244 issue affects libtiff up to version 4.0.3, where the gif2tiff tool’s LZW decompressor is vulnerable. A crafted GIF image can trigger a denial of service via an out-of-bounds write and crash, and may allow arbitrary code execution. This vulnerability is corroborated by multiple s...

CVE-2013-4244

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a crafted GIF image...

CVE-2013-4232

Use-after-free vulnerability in the t2preadwritepdfimage function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted TIFF image...

CVE-2013-4232

CVE-2013-4232 is a use-after-free in libtiff 4.0.3, specifically in t2p_readwrite_pdf_image() of tools/tiff2pdf.c, allowing a remote attacker to crash the process or possibly execute arbitrary code via a crafted TIFF image. Connected sources confirm this as part of multiple LibTIFF issues (CVE-20...

CVE-2013-4232

Use-after-free vulnerability in the t2preadwritepdfimage function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted TIFF image...

CVE-2013-4243

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted height and width values in a GIF image...